3b2defd94f
Renames all 11 projects (5 src + 6 tests), the .slnx solution file, all source-file namespaces, all axaml namespace references, and all v1 documentation references in CLAUDE.md and docs/*.md (excluding docs/v2/ which is already in OtOpcUa form). Also updates the TopShelf service registration name from "LmxOpcUa" to "OtOpcUa" per Phase 0 Task 0.6.
Preserves runtime identifiers per Phase 0 Out-of-Scope rules to avoid breaking v1/v2 client trust during coexistence: OPC UA `ApplicationUri` defaults (`urn:{GalaxyName}:LmxOpcUa`), server `EndpointPath` (`/LmxOpcUa`), `ServerName` default (feeds cert subject CN), `MxAccessConfiguration.ClientName` default (defensive — stays "LmxOpcUa" for MxAccess audit-trail consistency), client OPC UA identifiers (`ApplicationName = "LmxOpcUaClient"`, `ApplicationUri = "urn:localhost:LmxOpcUaClient"`, cert directory `%LocalAppData%\LmxOpcUaClient\pki\`), and the `LmxOpcUaServer` class name (class rename out of Phase 0 scope per Task 0.5 sed pattern; happens in Phase 1 alongside `LmxNodeManager → GenericDriverNodeManager` Core extraction). 23 LmxOpcUa references retained, all enumerated and justified in `docs/v2/implementation/exit-gate-phase-0.md`.
Build clean: 0 errors, 30 warnings (lower than baseline 167). Tests at strict improvement over baseline: 821 passing / 1 failing vs baseline 820 / 2 (one flaky pre-existing failure passed this run; the other still fails — both pre-existing and unrelated to the rename). `Client.UI.Tests`, `Historian.Aveva.Tests`, `Client.Shared.Tests`, `IntegrationTests` all match baseline exactly. Exit gate compliance results recorded in `docs/v2/implementation/exit-gate-phase-0.md` with all 7 checks PASS or DEFERRED-to-PR-review (#7 service install verification needs Windows service permissions on the reviewer's box).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
101 lines
4.2 KiB
C#
101 lines
4.2 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using Opc.Ua;
|
|
using Serilog;
|
|
|
|
namespace ZB.MOM.WW.OtOpcUa.Host.OpcUa
|
|
{
|
|
/// <summary>
|
|
/// Maps configured security profile names to OPC UA <see cref="ServerSecurityPolicy" /> instances.
|
|
/// </summary>
|
|
public static class SecurityProfileResolver
|
|
{
|
|
private static readonly ILogger Log = Serilog.Log.ForContext(typeof(SecurityProfileResolver));
|
|
|
|
private static readonly Dictionary<string, ServerSecurityPolicy> KnownProfiles =
|
|
new(StringComparer.OrdinalIgnoreCase)
|
|
{
|
|
["None"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.None,
|
|
SecurityPolicyUri = SecurityPolicies.None
|
|
},
|
|
["Basic256Sha256-Sign"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.Sign,
|
|
SecurityPolicyUri = SecurityPolicies.Basic256Sha256
|
|
},
|
|
["Basic256Sha256-SignAndEncrypt"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.SignAndEncrypt,
|
|
SecurityPolicyUri = SecurityPolicies.Basic256Sha256
|
|
},
|
|
["Aes128_Sha256_RsaOaep-Sign"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.Sign,
|
|
SecurityPolicyUri = SecurityPolicies.Aes128_Sha256_RsaOaep
|
|
},
|
|
["Aes128_Sha256_RsaOaep-SignAndEncrypt"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.SignAndEncrypt,
|
|
SecurityPolicyUri = SecurityPolicies.Aes128_Sha256_RsaOaep
|
|
},
|
|
["Aes256_Sha256_RsaPss-Sign"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.Sign,
|
|
SecurityPolicyUri = SecurityPolicies.Aes256_Sha256_RsaPss
|
|
},
|
|
["Aes256_Sha256_RsaPss-SignAndEncrypt"] = new ServerSecurityPolicy
|
|
{
|
|
SecurityMode = MessageSecurityMode.SignAndEncrypt,
|
|
SecurityPolicyUri = SecurityPolicies.Aes256_Sha256_RsaPss
|
|
}
|
|
};
|
|
|
|
/// <summary>
|
|
/// Gets the list of valid profile names for validation and documentation.
|
|
/// </summary>
|
|
public static IReadOnlyCollection<string> ValidProfileNames => KnownProfiles.Keys.ToList().AsReadOnly();
|
|
|
|
/// <summary>
|
|
/// Resolves the configured profile names to <see cref="ServerSecurityPolicy" /> entries.
|
|
/// Unknown names are skipped with a warning. An empty or fully-invalid list falls back to <c>None</c>.
|
|
/// </summary>
|
|
/// <param name="profileNames">The profile names from configuration.</param>
|
|
/// <returns>A deduplicated list of server security policies.</returns>
|
|
public static List<ServerSecurityPolicy> Resolve(IReadOnlyCollection<string> profileNames)
|
|
{
|
|
var resolved = new List<ServerSecurityPolicy>();
|
|
var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
|
|
|
|
foreach (var name in profileNames ?? Array.Empty<string>())
|
|
{
|
|
if (string.IsNullOrWhiteSpace(name))
|
|
continue;
|
|
|
|
var trimmed = name.Trim();
|
|
|
|
if (!seen.Add(trimmed))
|
|
{
|
|
Log.Debug("Skipping duplicate security profile: {Profile}", trimmed);
|
|
continue;
|
|
}
|
|
|
|
if (KnownProfiles.TryGetValue(trimmed, out var policy))
|
|
resolved.Add(policy);
|
|
else
|
|
Log.Warning("Unknown security profile '{Profile}' — skipping. Valid profiles: {ValidProfiles}",
|
|
trimmed, string.Join(", ", KnownProfiles.Keys));
|
|
}
|
|
|
|
if (resolved.Count == 0)
|
|
{
|
|
Log.Warning("No valid security profiles configured — falling back to None");
|
|
resolved.Add(KnownProfiles["None"]);
|
|
}
|
|
|
|
return resolved;
|
|
}
|
|
}
|
|
} |